|
If owner information is after the ACEs instead of before (e.g. Azure servers) in the ACL query
then we would get "invalid argument" returned on setcifsacl -a (adding an ACE).
This fixes that.
Signed-off-by: Steve French <stfrench@microsoft.com>
|
|
Decode the most common ACE types and provide a [-V]erbose option
to show the individual mask bits by name.
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
|
|
Call getcifsacl_usage only for -h and default case.
For others error out with appropriate message.
Signed-off-by: Kenneth D'souza <kdsouza@redhat.com>
|
|
Add more to the error message by printing the filename and error.
Signed-off-by: Kenneth D'souza <kdsouza@redhat.com>
Reviewed-by: Steve French <stfrench@microsoft.com>
|
|
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
|
|
Add vers=3.0.2 as a valid option for SMBv3.0.2 and explain behavior
of vers=default.
Signed-off-by: Kenneth D'souza <kdsouza@redhat.com>
|
|
Gentoo Linux and (historically?) OSX install with the .py suffix.
Signed-off-by: Hank Leininger <hlein@korelogic.com>
|
|
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
|
|
This patch introduces a new '--expire' option that allows the user to
set a timeout value for the dns resolver key -- which is typically
useful for hostnames that may get their ip addresses changed under
long running mounts.
The default timeout value is set to 10 minutes.
Signed-off-by: Paulo Alcantara <palcantara@suse.de>
|
|
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
|
|
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
|
|
Add description for fileallinfo query option.
Note that there are eight other recently added query options, but they
are mostly a subset of "fileallinfo" so could be of little value
(and may even be very confusing if we documented all nine in the
help text in smbinfo, instead of just this one). The man page
has a full description of them.
Signed-off-by: Steve French <stfrench@microsoft.com>
|
|
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
|
|
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
|
|
For example
smbinfo secdesc <file> will print the security descriptor
smbinfo quota <file> will print the quotas for the volume
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
|
|
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
|
|
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
|
|
* remove duplicates (netbiosname, rdma)
* remove snapshot
* document nostrictsync, domain, domainauto better
* point to vers= when talking about version requirements
* typos
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
|
|
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
|
|
Python3 version of rst2man is called rst2man-3
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
|
|
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
|
|
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
|
|
Signed-off-by: Kenneth Dsouza <kdsouza@redhat.com>
|
|
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Steve French <smfrench@gmail.com>
Reviewed-by: Pavel Shilovsky <piastryyy@gmail.com>
|
|
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Steve French <smfrench@gmail.com>
Reviewed-by: Pavel Shilovsky <piastryyy@gmail.com>
|
|
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
|
|
Adds information regarding reconnection time.
Acked-by: Sachin Prabhu <sprabhu@redhat.com>
Signed-off-by: Kenneth D'souza <kdsouza@redhat.com>
|
|
Redhat bugzilla: 1278543
This fixes a segfault for some incorrect usage, for example
cifscreds -u test
Reviewed-by: Steve French <smfrench@gmail.com>
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
|
|
This commit a1f3acd40b265f134a97a739a6898b3958d206b9 modified mount
parameters, but did not update the mount.cifs manpage. Fix it.
Signed-off-by: Zhang Xianwei <zhang.xianwei8@zte.com.cn>
|
|
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Aurelien did a big conversion of raw troff files into .pod docs in a
recent patch. That worked out pretty well, but I have some reservations
about using POD as a canonical format.
While it does make it pretty simple to write manpages, it's sort of an
obscure format, and is heavily associated with perl. Meanwhile, the
kernel is slowly moving to using ReStructured Text as its documentation
format. Given the simplicity of the cifs-utils manpages, I think we're
better suited to using rst as a canonical format, rather than pod.
This patch converts all of the .pod files in the code to .rst files,
and fixes the Makefile and autoconf to use the correct tools to turn
those into manpages.
The conversion was done with the pod2rst script, with some by-hand
modifications at the end to clean up the formatting and add the manual
section numbers. It's not perfect and could probably use a second pass
to clean up the warts in the formatting, but the content is all intact
and it should be readable.
Finally, convert the makefile rules to use standard SUFFIX rules
instead of the non-portable GNU make % style extension rules. We don't
really expect anyone to use anything other than GNU make here, but
this silences an automake warning.
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Move all man pages to easily editable POD files and generate troff
source when building.
Previous .in troff files are still preprocessed before final generation
to use configured path (.pod.in -> .pod -> troff). All temporary
files (.pod.in and troff sources) are properly deleted on clean.
Remove all troff files, no need to keep generated copies under source
control.
This commit does not change the content of the man pages but makes
future editing easier.
Adds a new --enable-man/--disable-man configure option to control the
generation and installation of man pages. The option is automatically
enabled if the system supports it. Explicitly enabling it will make the
configure script fail if pod2man is not installed.
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
|
|
of the pre-allocated size
Some SMB servers such as HDS HNAS (Hitachi NAS) return error
NT Status: STATUS_INVALID_SECURITY_DESCR (0xc0000079)
during set cifs acl operation.
This happens due to mismatch in the size of actual security descriptor
being set versus the size of the security descriptor stated in the request.
Instead of sending allocated buffer size of a security descriptor,
send the actual size of the security descriptor during set cifs acl
operation.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
...to silence a couple of compiler warnings.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
|
|
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
|
|
data_blob.h includes talloc.h from libtalloc, but that is only marked as
a dependency for cifs.upcall. No symbols from that header are used by
cifs.mount, so remove it to avoid the libtalloc dependency.
Signed-off-by: Thomas Witt <pyromaniac@exherbo.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Using a more permanent ccache is potentially problematic when we're
instantiating a new one. We might be operating under different creds
than expected. Just use a MEMORY: ccache since we don't need it to
last longer than the life of the upcall anyway.
Reported-and-Tested-by: Chad William Seys <cwseys@physics.wisc.edu>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Setuid programs triggering upcalls could trick the program here. Also,
the d_automount method is done with credentials overridden, so you
can end up with mismatched creds and env vars due to that as well.
It's a hack, but the only recourse I can see is to avoid doing this
when the uid is 0. That means we can't rely on finding root credcaches
in alternate locations using $KRB5CCNAME, but I think that's the best
we can do.
Reported-and-Tested-by: Chad William Seys <cwseys@physics.wisc.edu>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
We don't want to trust $KRB5CCNAME when creating or updating a new
credcache since we could be operating under the wrong credentials.
Always create new credcaches in the default location instead.
Reported-by: Chad William Seys <cwseys@physics.wisc.edu>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
It's defined to nothing anyway.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
It just frees and then zeroes out the pointer. That's of dubious
value in the places where it's currently being used. Just use
free() instead.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Nothing uses it now.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Take just what we need from replace.h and move it to cifs.upcall.c.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Just need stdbool.h instead.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
We only need ZERO_STRUCT there.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
We really only need CAP_DAC_READ_SEARCH, not CAP_DAC_OVERRIDE, and
only when we are going to probe the environ file.
Also, fix the non-libcap-ng trim_capabilities prototype.
Reviewed-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
/proc/<pid>/environ file
Chad reported that he was seeing a regression in cifs-utils-6.6. Prior
to that, cifs.upcall was able to find credcaches in non-default FILE:
locations, but with the rework of that code, that ability was lost.
Unfortunately, the krb5 library design doesn't really take into account
the fact that we might need to find a credcache in a process that isn't
descended from the session.
When the kernel does an upcall, it passes several bits of info about the
task that initiated the upcall. One of those things is the PID (the
tgid, in particular). We can use that info to reach into the
/proc/<pid>/environ file for the process, and grab whatever value of
$KRB5CCNAME is there.
Then, after switching credentials, set $KRB5CCNAME in the environment
to the same value before opening the credcache, to hint to the krb5
libs where they ought to look.
This new behavior is on by default, but can be disabled by having
request-key pass a '-E' flag to cifs.upcall.
Reported-by: Chad William Seys <cwseys@physics.wisc.edu>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Much of cifs.upcall can and should be run without elevated privileges.
On entry into the program, drop as many capabilities as we can get away
with, and then always drop any remaining caps after calling setuid().
Signed-off-by: Jeff Layton <jlayton@samba.org>
|